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Before JAMES D. THOMAS, ST. JOHN COURTENAY III, and JAMES R. 
HUGHES, Administrative Patent Judges. 

THOMAS, Administrative Patent Judge. 



DECISION ON APPEAL 1 



1 The two-month time period for filing an appeal or commencing a civil 
action, as recited in 37 C.F.R. § 1.304, or for filing a request for rehearing, 
as recited in 37 C.F.R. § 41.52, begins to run from the "MAIL DATE" 
(paper delivery mode) or the "NOTIFICATION DATE" (electronic delivery 
mode) shown on the PTOL-90A cover letter attached to this decision. 
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STATEMENT OF THE CASE 

This is an appeal under 35 U.S.C. § 134(a) from the Examiner's final 
rejection of claims 1, 4-12, 16-21, and 24-28. Claims 2, 3, 13-15, 22, and 23 
have been canceled. We have jurisdiction under 35 U.S.C. § 6(b). 

We vacate the rejection under 35 U.S.C. §102 before us and institute a 
new ground of rejection within the provisions of 37 C.F.R. § 41.50(b). 

Invention 

SUMMARY 

Systems and methods are described for declarative client input 
security screening. The techniques described herein are 
"declarative" in that the functional aspects of the techniques are 
performed outside individual page code. As a result, the 
security screening can be performed for one or more web pages 
in a single declarative location, thereby making maintenance, 
review and updates more efficient, reliable and manageable. 

A configuration module in a web-based application (or project) 
that includes one or more web pages is designed to allow client 
input to be screened for the web pages by declaring particular 
screening attributes and actions therein. A global section in 
such a configuration module includes security screens that 
apply to input of all types, while other individual sections 
include security screens that apply only to input of particular 
type. The global section provides a way to consolidate 
screening that applies to all client input types, thereby 
precluding redundant screens having to be maintained in each 
individual section. 
(Summary of Invention, Spec. 2, 1.14- 3, 1. 2; Figs. 2, 3.) 

Representative Claim 

1. A method, comprising: 

receiving data input through a web page from a client device; 
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referencing a declarative module to determine a client input security 
screen to apply to the data input from the client device, wherein the 
declarative module comprises: 

a global section that includes at least one client input security screen 
that applies to any type of client input value; and 

an individual values section that includes at least one client input 
security screen that applies to a particular type of client input value; and 

applying multiple client input security screens to the data input from 
the client device, including at least one client input security screen from the 
global section of the declarative module and at least one client input security 
screen from the individual values section of the declarative module, wherein 
the client input security screens are distinct from one another, and wherein 
said act of referencing comprises first using the global section to screen one 
or more client input values and then using the individual values section to 
screen at least one of said one or more client input values. 

Prior Art and Examiner's Rejection 
The Examiner relies on the following reference as evidence of 
anticipation: 

David Scott & Richard Sharp, Proceedings of the 1 1 th International World 
Wide Web Conference: Abstracting Application-Level Web Security 396- 
407 (2002) ("Scott"). 

All claims on appeal 1, 4-12, 16-21, and 24-28, stand rejected under 
35 U.S.C. § 102(b) as being anticipated by Scott. 

ANALYSIS 

We vacate the prior art rejection encompassing all claims on appeal 
because we conclude that all claims on appeal, claims 1, 4-12, 16-21 and 24- 
28, are "barred at the threshold by § 101." In re Comiskey, 554 F.3d 967, 
973 (Fed. Cir. 2009) (citing Diamond v. Diehr, 450 U.S. 175, 188 (1981)). 
Therefore, the following new ground of rejection is set forth in this Opinion 
within the provisions of 37 C.F.R. § 41.50(b). 
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NEW REJECTION UNDER 35 U.S.C. § 101 

PRINCIPLES OF LAW 

Statutory Subject Matter 
The subject matter of claims permitted within 35 U.S.C. § 101 must 
be a machine, a manufacture, a process, or a composition of matter. 
Moreover, our reviewing court has stated that "[t]he four categories [of 
§ 101] together describe the exclusive reach of patentable subject matter. If 
the claim covers material not found in any of the four statutory categories, 
that claim falls outside the plainly expressed scope of § 101 even if the 
subject matter is otherwise new and useful." In re Nuijten, 500 F.3d 1346, 
1354 (Fed. Cir. 2007); accord In re Ferguson, 558 F.3d 1359 (Fed. Cir. 
2009). This latter case held that claims directed to a "paradigm" are 
nonstatutory under 35 U.S.C. § 101 as representing an abstract idea. Thus, a 
"signal" cannot be patentable subject matter because it is not within any of 
the four categories. In re Nuijten, 500 F.3d at 1357. Laws of nature, 
abstract ideas, and natural phenomena are excluded from patent protection. 
Diamond v. Diehr, 450 U.S. at 185. A claim that recites no more than 
software, logic or a data structure (i.e., an abstraction) does not fall within 
any statutory category. In re Warmer dam, 33 F.3d 1354, 1361 (Fed. Cir. 
1994). Significantly, "[a]bstract software code is an idea without physical 
embodiment." Microsoft Corp. v. AT&T Corp., 550 U.S. 437, 449 (2007). 
The unpatentability of abstract ideas was reaffirmed by the U.S. Supreme 
Court in Bilski v. Kappos, 130 S.Ct. 3218 (2010). 
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With this background in mind, all claims on appeal, 1, 4-12, 16-21, 
and 24-28, are rejected under 35 U.S.C. §101 as being directed to non- 
statutory subject matter. 

Consistent with our earlier-noted invention statement taken from 
Appellants' Summary of Invention, the disclosed and claimed invention is 
directed to software per se, abstract ideas, abstract concepts and 
methodologies and the like, including various data structures and named 
entities, such as a declarative module and various sections thereof, software, 
software applications, and abstract intellectual processes associated with 
them within the claims on appeal. 

The claimed declarative module appears to comprise the disclosed 
Client Input Security Screening Unit (CISS Unit) illustrated in Figure 2 to in 
turn comprise the claimed global screen concept and the claimed individual 
value screen concept. Figure 3 is characterized as a methodological 
implementation of a declarative client input security screening concept for 
web-based services. Essentially, it sets forth the software logic embodying 
the invention. To the extent recited in the claims, the web services, servers, 
browsers and clients appear to be software entities in and of themselves and 
they are not necessarily stated or claimed to be embodied in hardware 
structure. 

This analysis is most descriptive of the subject matter of method 
independent claim 1 on appeal. Corresponding features from this claim are 
recited in the body of system independent claim 12 and the media 
independent claim 21. The recitation of the network in independent claims 
12 and 21 as well as the recitation in the preamble of the computer-readable 
storage media in independent claim 21 appear to relate to signals per se. It 
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appears that the computer program is directly intended to be recited in the 
independent claim 21 since the recited media is directed to computer- 
executable instructions that perform the methodology in the body of this 
claim substantially identically to the methodology of independent method 
claim 1 on appeal. Moreover, the claimed computer-readable media in the 
preamble of independent claim 21 is directly taught at Specification page 17, 
line 3 through page 18, line 2 to comprise communication media and thus 
signal embodiments per se, and media that include and encompass signals 
per se are proscribed by the earlier-noted case law. Note also the analysis 
provided by Subject Matter of Eligibility of Computer Readable Media, 1351 
Off. Gaz. Pat. Office 212 (Feb. 23, 2010). 

CONCLUSION and DECISION 

We have pro forma vacated the outstanding rejection over applied 
prior art of all claims on appeal, claimsl, 4-12, 16-21 and 24-28. We have 
instituted a new ground of rejection within 37 C.F.R. § 41.50(b). This new 
rejection of all claims on appeal is based upon 35U.S.C.§101 since these 
claims are directed to non-statutory subject matter. 

A new ground of rejection is pursuant to 37 C.F.R. § 41.50(b). 
37 C.F.R. § 41.50(b) provides that: "[a] new ground of rejection pursuant to 
this paragraph shall not be considered final for judicial review." 

37 C.F.R. § 41.50(b) also provides that the Appellants, WITHIN 
TWO MONTHS FROM THE DATE OF THE DECISION, must exercise 
one of the following two options with respect to the new grounds of 
rejection to avoid termination of proceedings (37 C.F.R. § 1.197(b)) as to the 
rejected claims: 
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(1) Reopen prosecution. Submit an appropriate 
amendment of the claims so rejected or new evidence relating 
to the claims so rejected, or both, and have the matter 
reconsidered by the examiner, in which event the proceeding 
will be remanded to the examiner .... 

(2) Request rehearing. Request that the proceeding be 
reheard under 37 C.F.R. § 41.52 by the Board upon the same 
record .... 

No time period for taking any subsequent action in connection with 
this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). 



VACATED; 37 C.F.R. § 41.50(b) 



Ere 

MICROSOFT CORPORATION 
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